WAP GAP

The WAP GAP is a specific security issue associated with WAP results from the requirement to change security protocols at the carrier's WAP gateway from the wireless WTLS to SSL for use over the wired network.

At the WAP gateway, the transmission, which is protected by WTLS, is decrypted and then re-encrypted for transmission using SSL, leaving data temporarily in the clear on the gateway.

WTLS is replaced by TLS in WAP 2.0. The gateway described above is no longer needed to translate (decrypt from one standard and re-encrypt to another) since the Internet servers are able to interpret the TLS transmission directly. All data remains encrypted as it passes through the gateway. Since there is such a large difference in WAP technologies, the implementation of WAP 2.0 may take a long time.

WAP 2.0 is a re-engineering of WAP using a cut-down version of XHTML with end-to-end HTTP (i.e., dropping the gateway and custom protocol suite used to communicate with it on older version of WAP). A WAP gateway can be used in conjunction with WAP 2.0; however, in this scenario, it is used as a standard proxy server. The WAP gateway's role would then shift from one of translation to adding additional information to each request. This would be configured by the operator and could include telephone numbers, location, billing information, and handset information.

Some observers predict that this next-generation WAP will converge with, and be replaced by, true Web access to pocket devices. Whether this next generation (Wireless Internet Protocol to mobile) will still be referred to as WAP is yet to be decided.

Disclaimer

The owner of this blog does not accept responsibility for the actions of any users of this site. This blog does not encourage or condone any illegal activity, or attempts to hack into any network. All information in this blog comes from the Internet research, so I´m not responsible for the damage caused by this shared information. Nothing contained in this blog is intended to teach or encourage the use of security tools or methodologies for illegal or unethical purposes. Always act in a responsible manner.